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A METHOD OF AUTOMATICALLY CONTROLLING FRAUD IN AN 
ELECTRONIC TRANSACTION SYSTEM 

The invention relates to online services on the 
Internet or any other information network, 
5 Online services generally employ protocols intended 

to preserve the confidentiality of the electronic 
transactions carried out. In particular, online services 
guarantee the anonymity of users through the use of 
session keys. When a user connects to a service, the 
10 user is assigned a session key. That key is used to 

encrypt the information exchanged between the user and 
the service provider system. 

Some online service systems include means for 
revealing the session key in the event of fraudulent use 
15 of the service. Revealing the session key leads to 
revealing the identity of the dishonest user and 
consequently removes the anonymity of that user. 

User anonymity removal means necessarily employ 
detection means adapted to command the removal of 
2 0 anonymity if certain conditions in respect of fraudulent 
use are satisfied. Such means must therefore be able to 
determine whether there has been fraudulent use or not. 

An object of the invention is to provide an 
anonymity removal system in the context of an online 

2 5 service that does not require any means for determining 

fraudulent use. 

The invention applies in the situation of fraudulent 
use consisting in obtaining a service a number of times 
in the same session exceeding the number authorized for a 

3 0 session. This is the situation, for example, of a user 

who connects to a site for downloading files and succeeds 
in downloading several files although paying to download 
only one file. 

The invention applies in particular to the illicit 
35 duplication of electronic goods. 
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The invention proposes a method of automatically 
controlling fraud in an electronic transaction system, 
characterized in that it comprises the steps of: 

- when a user initiates a session in the electronic 
5 transaction system, generating an element and storing the 
element in a database in association with information 
identifying the user; 

• each time during the session the user commands the 
execution of an operation, determining an equation that 

10 is satisfied by the element stored in the database; 

• when a sufficient given number of operations has 
been effected, solving the system of equations consisting 
of the equations determined as above to deduce the 
element; and 

15 • by consulting the database, deducing from the 

element obtained in this way the corresponding 

information identifying the user. 

In the context of the invention, a session is 

defined as a period of time during which a user is 
2 0 connected to a given online service and is authorized by 

the service provider to carry out a certain number of 

given operations. 

The method of the invention leads to revealing the 

identity of a user if the user has carried out some given 
25 number n of operations during the same session that is 

not authorized by the service provider. 

The method of the invention is applied automatically 

and identically to all users of a given service. There 

is therefore no distinction between fraudulent users and 
30 ordinary users. Thus the method of the invention does 

not use dedicated means in the event of fraudulent use. 
Moreover, with the method of the invention, the 

identity of the user is disclosed only if the user has 

carried out in the same session a given number n of 
35 operations that is greater than the number of operations 

authorized for a session. Consequently, before the user 

carries out the n^^ operation, the method gives no 
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indication as to the identity of the user, since it 
supplies a certain number of equations and there is an 
infinite number of solutions to those equations. As a 
result the method of the invention preserves the 
5 anonymity of users completely, provided that they comply 
with limits set by the service provider. 

The equations of the system of equations are 
preferably independent. A user will therefore be 
systematically identified on carrying out a known number 

10 n of operations, the number n corresponding to the number 
of operations needed to obtain a system of n equations 
having a single solution. 

The equations may be linear equations. 
The element consists of a series of numerical 

15 coefficients, for example. 

Those numerical coefficients may advantageously 
define a geometrical object in an n-dimensional space, 
such as a point, a line, a hyperplane, etc. 

They may equally define a mathematical object such 

20 as a function, a series, etc. 

The invention also provides a system for 
automatically controlling fraud in an electronic 
transaction system, characterized in that it comprises 
first calculation means for generating an element when a 

25 user initiates a session in the electronic transaction 
system, a database in which the element is stored in 
association with information identifying the user, the 
first calculation means being adapted to determine an 
equation that the element stored in the database 

30 satisfies each time the user commands the execution of an 
operation in the session, and second calculation means 
adapted to solve the system of equations consisting of 
the equations determined as above to deduce the element 
therefrom when a sufficient given number of operations 

35 has been effected, so that, by consulting the database, 
it is possible to deduce from the element obtained in 
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this way the corresponding information identifying the 
user . 

Other features and advantages emerge from the 
following description, which is purely illustrative, is 
5 not limiting on the invention, and should be read with 
reference to the appended drawings, in which: 

• Figure 1 shows one example of a system of the 
invention, 

■ Figure 2 is a graphical representation of the 
10 determination of an element associated with a user, the 
element being a line defined in a two-dimensional space, 

• Figure 3 is a graphical representation of the 
determination of an element associated with a user, the 
element being a plane defined in a space having n = 3 

15 dimensions, 

• Figure 4 is a graphical representation of the 
determination of an element associated with a user, the 
element being a point defined in a two-dimensional space, 

• Figure 5 is a graphical representation of the 

20 determination of an element associated with a user, the 
element being a point defined in a space having n = 3 
dimensions . 

Referring to Figure 1, the fraud control system 100 
is associated with server 200 for an online service (for 

2 5 example a service for downloading files or programs, for 
online purchases, for consulting documents, a 
communications service, etc.) operated by a service 
provider. The fraud control system includes a control 
module 102 connected to the server 200, a database 104 

30 connected to the control module 102, a pseudorandom 
generator 106, a first calculation module 108, and a 
second calculation module 110. The control module 102 
controls the pseudorandom generator 106, the first 
calculation module 108, and the second calculation module 

35 110. 

In a first embodiment of the system of the 
invention, when a user 3 00 connects to the server 2 00 of 
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the service provider via a communications network 400 and 
opens a session, a temporary session key is automatically 
assigned to the user by the server. The session key is 
stored in the database 104. It is normally held in the 
5 database 104 throughout the session, and then deleted 
when the session is closed. It enables communications 
between the user 3.00 and the server 2 00 to be made 
secure. The keys and other information contained in the 
database 104 are confidential. 
10 When the user 300 opens a session, the first 

calculation module 108 generates an equation of a line 
(having one dimension) in a space having two dimensions, 
this equation being of the type 
Y ^aX + b 

15 The equation of the line is stored in the database 104 
associated with the session key assigned to the user. 
The user and the session are therefore associated in a 
one-to-one relationship with the line D defined by the 
pair of coefficients (a, b) . 

20 When the user commands the execution of a particular 

operation in the context of the session that has been 
opened (for example the downloading of a file or a 
program) , the first calculation module 108 determines the 
coordinates (Xi, Yi) of a point Pi on the line D. To this 

25 end, the control module commands the pseudorandom 

generator 106 to generate a first coordinate Xi . Using 
that coordinate Xi, the first calculation module 108 
determines a second coordinate Yi from the equation of the 
line D, as follows: 

30 Y^^aXx-^b 

On its own, this first point Pi(Xi, Yi) is 
insufficient to determine the equation of the line D. At 
this stage it is not possible to work back to the 
identity of the user 300. 

35 If the user 300 succeeds in illicitly commanding the 

execution of another operation during the same session, 
the first calculation module 108 determines the 
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coordinates (X2/ Y2) of a second point P2 on the line D, 
To this end, the control module 102 commands the 
pseudorandom generator 106 to generate a first coordinate 
X2 different from Xi . Using that coordinate X2 the first 
5 calculation module 108 determines a second coordinate Y2 
from the equation of the line D, as follows: 
Y2 =0X2 +b 

As shown in Figure 2, the second calculation module 

110 deduces the equation of the line D from the two 

10 points Pi(Xi, Yi) and P2(X2/ Y2) determined as above. To 

this end, the second module solves the following system 

of equations: 

fy, =aX^ +b 

\Y2=aX2+b 

Knowing the equation of the line D (i.e. the 
15 coefficients a and b) supplied by the second calculation 
module 110, the control module 102 deduces the associated 
session key by consulting the database 104. That key 
identifies the fraudulent user who has succeeded in 
carrying out two operations although authorized to carry 
2 0 out only one operation. 

Once the confidentiality as to the identity of the 
user 3 00 has been removed, various steps may then be 
carried out. For example, the service provider may bar 
access to the server 200 by the user 300. 

2 5 In the embodiment of the invention described above, 

the space in which lines are created is a space having 
two dimensions. This implementation may be generalized 
to an application in a space having n dimensions. 

The first calculation module 108 generates an 

3 0 equation of a hyperplane H (having n-1 dimensions) in a 

space. E having n dimensions, the equation being of the 
type 

=^n-I^n-l ^2^2 +^1^1 + «0 

in which at least a number (n-2) of the coefficients an-i, 
35 a2/ ai, a© are zero. The session key and the 
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associated equation of the hyperplane H are stored in the 
database 104 . Thus the user and the session are 
associated with the hyperplane H defined by the n 
coefficients (an-i/ —# a2/ ai, ao) . 
5 Each time the user commands the execution of an i*^^ 

operation in the same session, the first calculation 
module 108 determines a point Pi with coordinates 

1 2 n 

in the hyperplane H. To this end, the control module 102 

10 commands the pseudorandom generator 106 to generate a set 

of (n-1) coordinates 

1 2 n-\ 

Using that set of coordinates, the first calculation 
module 108 determines an n*^^ coordinate 
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from the equation of the hyperplane H, as follows: 

n n-X 2 1 

If the user 3 00 has commanded the execution of an 
operation for the n time in the same session, the second 
20 calculation module 110 deduces the equation of the 

hyperplane H from the n points Pi, P2/ Pn calculated by 
the first calculation module 108. To this end, it solves 

the following system of equations: 

n n-\ 21 

X] =a^_^X^ +,,,a2X\ -\-a\X\ +09 

n n-\ 2 1 

X2 =^„-l-^2 +...^2^2 +<2i^2 +^0 



n n-\ 2 1 

X,j -a^_xX^ +...a2^;j -^a^Xf^+aQ 

25 Knowing the equation of the hyperplane H (i.e. the 

coefficients an-i, a2, ai, ao) , it is possible, by 

consulting the database 104, to deduce the session key 
associated with the hyperplane H and consequently to work 
back to the identity of the fraudulent user. This key 

3 0 identifies the fraudulent user who has succeeded in 
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carrying out n operations although authorized to carry 

out only n-1 operations. 

Figure 3 represents the determination of a plane H 

(having two dimensions) in a space having n = 3 

5 dimensions from three points Pi, P2/ and P3 calculated by 

the first calculation module 108. 

In a second embodiment of the fraud control system, 

when a user 3 00 connects to the server 2 00 of the service 

provider via a communications network 4 00 and opens a 

10 session, a temporary session key is automatically 

assigned to the user 300 by the server 200. 

The first calculation module 108 generates a point P 

(having 0 dimensions) in a space having two dimensions, 

the point being defined by coordinates of the type (X, 

15 Y) . The session key and the coordinates of the 

associated point P are stored in the database. 

When the user commands the execution of an 

operation, the first calculation module determines an 

equation Y = aiX + bi of a line Di passing through the 

20 point P(X, Y) . To this end, the control module commands 

the pseudorandom generator to generate a first 

coefficient ai corresponding to the slope of the line Di . 

Using this first coefficient ai, the first calculation 

module determines a second coefficient bi corresponding to 

25 the ordinate at the origin of the line Di from the 

coordinates (X, Y) , as follows: Y = aiX + bi . Thus: 
bx = Y-ax X 

This first line equation Y = aiX + bi does not enable 
determination of the coordinates of the point P(X, Y) and 

3 0 working back to the identity of the user. 

As shown in Figure 4, if the user illicitly commands 
the execution of the same operation, the first module 
determines an equation Y = a2X + b2 of a second line D2 
passing through the point (X, Y) . To this end, the 

35 control module commands the pseudorandom generator to 

generate a first coefficient a2 different from ai . Using 
this first coefficient a2/ the first calculation module 
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determines a second coefficient b2 from the coordinates 
(X, Y) of the point, as follows: 

In this embodiment of the invention, the space in 
5 which the points are created has two dimensions. This 

implementation may be generalized to an application in a 
space having n dimensions. 

When the user commands the execution of a particular 
operation in the context of the session that has been 
10 opened, for example the downloading of a file or a 

program, the first calculation module 108 generates a 
point P (having 0 dimensions) in a space having n 
dimensions. The session key and the point P associated 
with that key are stored in the database 104. Thus the 
15 user and the session are associated with a point P 
defined by the n coordinates (Xi, X2, -. Xn) . 

Each time the user commands the execution of an i^^ 
operation in the same session, the first calculation 
module 108 determines a hyperplane Hi containing the point 
20 P(Xi, X2, ... Xn) / the hyperplane Hi being defined by an 
equation of the type 

in which at least (n-2) of the coefficients 
/ / / / 

25 are zero. To this end, the control module commands the 
pseudorandom generator 106 to generate a set of (n-1) 
coefficients 

Using those (n-1) coefficients, the first calculation 
3 0 module 108 determines an n^^ coefficient 

from the coordinates of the point P(Xo/ Xi, X2/ ... Xn) , as 
follows : 

/ /■ i i 
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The anonymity of the user 3 00 is maintained if the 
user carries out at most (n-1) operations, as the system 
generates (n-1) equations with n unknowns, those n 
unknowns being the coordinates (Xi, X2, ... Xn) of the point 
5 P. 

If the user 300 executes n operations in the same 
session, the second calculation module 110 deduces the 
coordinates of the point P(Xi, X2, ... Xn) as being the 
intersection of the n hyperplanes Hi, H2, ... Hn calculated 
10 by the first calculation module 108. To this end, the 
second calculation module 110 solves a system of n 

equations in n unknowns: 

1 111 

2 2 2 2 

X^ =a^_^X„_^ + ...a2^2 +^1 ^\ +^0 
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X„ =^rt-l^/i-l + ...^22 ^2 +^1 ^1 +^0 

Knowing the coordinates of the point P(Xi, X2, — Xn) , 
15 it is possible, by consulting the database 104, to deduce 
the session key associated with that point P and 
consequently to work back to the identity of the 
fraudulent user, 

Figure 5 represents the determination of the point P 
2 0 in a space having n = 3 dimensions from three planes Hi, 

H2, and H3 (having two dimensions) calculated by the first 
calculation module 108. 



